@RolesAllowed does not perform a nested membership check in LDAP

777104 Aug 24, 2012 1:02 AM

Currently Being Moderated

Hi, I have a JEE6 application deployed on Glassfish server.
I'm using a form based authentication using an LDAP realm in glassfish.

I have the following problem, when I use @RolesAllowed("CUSTOMER_READ") annotation the check in LDAP is for direct membership matching not nested matching.
If the CUSTOMER_READ group has the logged in user as member everything is fine,
but if CUSTOMER_READ has a GROUP member B and B has the logged in user the authorization fails.

Does anyone know how to perform nested membership matching with JEE6 annotations on Glassfish?

Any comment will be helpful,
Thanks.

1. Re: @RolesAllowed does not perform a nested membership check in LDAP

777104 Aug 27, 2012 4:07 AM (in response to 777104)

Currently Being Moderated

The broblem was in Glassfish LDAP realm and how glassfish performs authentication.
Glassfish perform a direct membership group matching not a nested group matching.

Has anyone more info or any work around to perform a nested group matching in authentication
Report Abuse

Like (0)

Actions

Legend

Correct Answers - 10 points
Helpful Answers - 5 points